Because I’m a little burned out from spending so much time on Leetcode of late, I recently reached out to a subreddit which focuses on infosec career advice (r/SecurityCareerAdvice) to ask more knowledgeable folks how I could demonstrate continued interest in cyber security without spending money I don’t have on a series of certifications. Both responses included suggestions that I write blog posts, with one going a step further and recommending that I write up walkthroughs for whatever I was working on (a huge thank you is in order for that person, who’s given me permission to post a link to their company’s website, https://securityps.com/).
The thing I’ve been working on most recently, which I’ve been picking at slowly but surely for the last few months, is OWASP’s Juice Shop (https://github.com/bkimminich/juice-shop). Juice Shop is an intentionally insecure web application which is designed to teach people like me how to find and exploit vulnerabilities in a realistic setting.
As pretty much everyone who’s written a line of code in the last five years knows, the keys to passing a technical interview are the candidate’s ability to solve algorithmic brain teasers as efficiently as possible, and to explain their thought process as they do so. With software job postings frequently attracting over a thousand applications, this is the admittedly imperfect method by which companies separate the skilled wheat from the underperforming chaff.
Put simply: to get a good job you need to dedicate hundreds of hours to practicing a skill with very little direct translation to the position to which you’ve applied.
“But how can I practice such a niche skill” you ask? Leetcode.com. Where computer science students’ fanciful dreams of $300k per year unicorn jobs go to die.
It is also where I’ve spent the last five weeks.
You don’t want to know how many submissions it takes to get to that second shade of green.
In the last month I’ve developed a real problem: All I want to do is work on security related topics.
The day after I wrote my last post I managed to gain root access to my first virtual box on hackthebox.eu. Since then I’ve rooted about a dozen others, listened to half of the Darknet Diaries podcast archive, watched hour after hour of DEFCON and Black Hat talks, and read more about both offensive and defensive security than is even remotely reasonable. Drinking from a firehose, as it were.
As is my Kali VM
I’m hooked, and therein lies the problem: I’m back to not knowing what I don’t know.
A couple of weeks ago I wrote out a plan for myself to follow in the hopes of getting a job. It’s important for me to be able to track my own progress, so in that vein I’ll be posting occasional updates on what I’m working on and how I’m structuring my time and efforts.
The first week went according to plan. The second, sadly, did not.
When I got my acceptance letter to the University of Washington I thought my days of financial stress would end upon graduation. There would be a Saturday where I would sit in a field, listen to speeches, walk across the podium to collect my diploma, and two days later I’d wake up early for my first day of work in a new industry.
Like everyone else, I found that the current job market and world economic conditions were beyond any reasonably conceivable reality I could conjure up. I didn’t even get to sit in the field.
Not exactly what I had envisioned, but the best they could do with all things considered.
One of the things I really like about the CS program I’m in is that it gives me the opportunity to revisit this project and modify it based on what I’m learning about in school. This quarter, for example, I’m taking an Analysis and Design class, where we are learning about domain models, use case diagrams, and design patterns. One of the other things I really like is that the program focuses on developing new products from scratch with a team of other students. After ensuring that none of my teammates had any ideas about what to build, I talked my team into working on this.